Merge pull request #1708 from owncloud/style-cleanup-user_ldap
Style cleanup user_ldap
This commit is contained in:
commit
90939c8f12
9 changed files with 205 additions and 68 deletions
|
@ -32,10 +32,13 @@ $connection = new \OCA\user_ldap\lib\Connection('', null);
|
|||
if($connection->setConfiguration($_POST)) {
|
||||
//Configuration is okay
|
||||
if($connection->bind()) {
|
||||
OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
|
||||
OCP\JSON::success(array('message'
|
||||
=> $l->t('The configuration is valid and the connection could be established!')));
|
||||
} else {
|
||||
OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
|
||||
OCP\JSON::error(array('message'
|
||||
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
|
||||
}
|
||||
} else {
|
||||
OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
|
||||
OCP\JSON::error(array('message'
|
||||
=> $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
|
||||
}
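Review bot: `$connection->setConfiguration($_POST)` hands the entire request body — `ldap_host`, `ldap_port`, the agent DN and its password — to `Connection` and then `bind()`s with it, so whoever can reach this script can make the server open an LDAP connection to a host of their choosing and authenticate with credentials of their choosing. The top of the file is outside the hunk, so I cannot see whether `OCP\JSON::checkAdminUser();` and `OCP\JSON::callCheck();` run before the `new Connection` line; if they do not, add both so only an authenticated admin with a valid request token can trigger the probe. The three response messages are fine as they stand: the bind-failure branch says only that the bind failed, so the LDAP error text stays in the log rather than in the response.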
|
||||
|
|
|
@ -51,5 +51,7 @@ $entry = array(
|
|||
|
||||
OCP\Backgroundjob::addRegularTask('OCA\user_ldap\lib\Jobs', 'updateGroups');
|
||||
if(OCP\App::isEnabled('user_webdavauth')) {
|
||||
OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', OCP\Util::WARN);
|
||||
OCP\Util::writeLog('user_ldap',
|
||||
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
|
||||
OCP\Util::WARN);
|
||||
}
|
||||
|
|
|
@ -58,7 +58,9 @@ foreach($objects as $object) {
|
|||
try {
|
||||
$updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
|
||||
} catch(Exception $e) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ',
|
||||
\OCP\Util::WARN);
|
||||
}
|
||||
|
||||
}
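Review bot: The `catch(Exception $e)` at the top of the hunk discards the exception entirely — the WARN line records which mapping could not be updated but not why, so a failing migration leaves nothing to diagnose. Append the reason to the message: `'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table: '.$e->getMessage(),`. The enclosing `foreach` starts above the hunk; if that file declares a namespace, the unqualified `Exception` would also need a leading backslash to ever match.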
|
||||
|
|
|
@ -177,7 +177,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
|||
if($isMemberUid) {
|
||||
//we got uids, need to get their DNs to 'tranlsate' them to usernames
|
||||
$filter = $this->combineFilterWithAnd(array(
|
||||
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
|
||||
\OCP\Util::mb_str_replace('%uid', $member,
|
||||
$this->connection>ldapLoginFilter, 'UTF-8'),
|
||||
$this->getFilterPartForUserSearch($search)
|
||||
));
|
||||
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
|
||||
|
@ -188,7 +189,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
|||
} else {
|
||||
//we got DNs, check if we need to filter by search or we can give back all of them
|
||||
if(!empty($search)) {
|
||||
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
|
||||
if(!$this->readAttribute($member,
|
||||
$this->connection->ldapUserDisplayName,
|
||||
$this->getFilterPartForUserSearch($search))) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
@ -225,7 +228,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
|||
return $ldap_groups;
|
||||
}
|
||||
|
||||
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
|
||||
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
|
||||
// error. With a limit of 0, we get 0 results. So we pass null.
|
||||
if($limit <= 0) {
|
||||
$limit = null;
|
||||
}
|
||||
|
@ -234,7 +238,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
|||
$this->getFilterPartForGroupSearch($search)
|
||||
));
|
||||
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
|
||||
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
|
||||
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'),
|
||||
$limit, $offset);
|
||||
$ldap_groups = $this->ownCloudGroupNames($ldap_groups);
|
||||
|
||||
$this->connection->writeToCache($cachekey, $ldap_groups);
|
||||
|
@ -282,7 +287,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
|||
* compared with OC_USER_BACKEND_CREATE_USER etc.
|
||||
*/
|
||||
public function implementsActions($actions) {
|
||||
//always returns false, because possible actions are modifying actions. We do not write to LDAP, at least for now.
|
||||
//always returns false, because possible actions are modifying
|
||||
// actions. We do not write to LDAP, at least for now.
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
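Review bot: In the `$isMemberUid` branch, `$member` — the raw value of the group's member attribute as read from the directory — is substituted into `ldapLoginFilter` by `mb_str_replace` with no LDAP filter escaping, so a value containing `*`, `(`, `)` or `\` changes the shape of the filter that is subsequently searched. Directory content is usually trusted, but anyone who can set a memberUid on a group (or edit a self-service attribute) can widen that lookup; escape the value before substitution, e.g. `str_replace(array('\\', '*', '(', ')', "\0"), array('\5c', '\2a', '\28', '\29', '\00'), $member)`, unless that already happens above the hunk. The enclosing method starts above the hunk, so I cannot see whether `$member` is sanitised earlier.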
|
||||
|
|
|
@ -48,7 +48,9 @@ abstract class Access {
|
|||
*/
|
||||
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
|
||||
if(!$this->checkConnection()) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'No LDAP Connector assigned, access impossible for readAttribute.',
|
||||
\OCP\Util::WARN);
|
||||
return false;
|
||||
}
|
||||
$cr = $this->connection->getConnectionResource();
|
||||
|
@ -123,7 +125,8 @@ abstract class Access {
|
|||
return $result;
|
||||
}
|
||||
|
||||
//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
|
||||
//OID sometimes gives back DNs with whitespace after the comma
|
||||
// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
|
||||
$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
|
||||
|
||||
//make comparisons and everything work
|
||||
|
@ -218,7 +221,8 @@ abstract class Access {
|
|||
* @param $ldapname optional, the display name of the object
|
||||
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
|
||||
*
|
||||
* returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
|
||||
* returns the internal ownCloud name for the given LDAP DN of the
|
||||
* group, false on DN outside of search DN or failure
|
||||
*/
|
||||
public function dn2groupname($dn, $ldapname = null) {
|
||||
//To avoid bypassing the base DN settings under certain circumstances
|
||||
|
@ -646,7 +650,9 @@ abstract class Access {
|
|||
$sr = ldap_search($linkResources, $base, $filter, $attr);
|
||||
$error = ldap_errno($link_resource);
|
||||
if(!is_array($sr) || $error > 0) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource), \OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource),
|
||||
\OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
|
||||
return array();
|
||||
}
|
||||
|
@ -668,7 +674,9 @@ abstract class Access {
|
|||
if($skipHandling) {
|
||||
return;
|
||||
}
|
||||
//if count is bigger, then the server does not support paged search. Instead, he did a normal search. We set a flag here, so the callee knows how to deal with it.
|
||||
// if count is bigger, then the server does not support
|
||||
// paged search. Instead, he did a normal search. We set a
|
||||
// flag here, so the callee knows how to deal with it.
|
||||
if($findings['count'] <= $limit) {
|
||||
$this->pagedSearchedSuccessful = true;
|
||||
}
|
||||
|
@ -702,7 +710,9 @@ abstract class Access {
|
|||
$key = mb_strtolower($key, 'UTF-8');
|
||||
if(isset($item[$key])) {
|
||||
if($key != 'dn') {
|
||||
$selection[$i][$key] = $this->resemblesDN($key) ? $this->sanitizeDN($item[$key][0]) : $item[$key][0];
|
||||
$selection[$i][$key] = $this->resemblesDN($key) ?
|
||||
$this->sanitizeDN($item[$key][0])
|
||||
: $item[$key][0];
|
||||
} else {
|
||||
$selection[$i][$key] = $this->sanitizeDN($item[$key]);
|
||||
}
|
||||
|
@ -806,7 +816,9 @@ abstract class Access {
|
|||
* @return string the final filter part to use in LDAP searches
|
||||
*/
|
||||
public function getFilterPartForUserSearch($search) {
|
||||
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
|
||||
return $this->getFilterPartForSearch($search,
|
||||
$this->connection->ldapAttributesForUserSearch,
|
||||
$this->connection->ldapUserDisplayName);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -815,7 +827,9 @@ abstract class Access {
|
|||
* @return string the final filter part to use in LDAP searches
|
||||
*/
|
||||
public function getFilterPartForGroupSearch($search) {
|
||||
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
|
||||
return $this->getFilterPartForSearch($search,
|
||||
$this->connection->ldapAttributesForGroupSearch,
|
||||
$this->connection->ldapGroupDisplayName);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -874,13 +888,15 @@ abstract class Access {
|
|||
foreach($testAttributes as $attribute) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Testing '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
|
||||
|
||||
$value = $this->readAttribute($dn, $attribute);
|
||||
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
|
||||
$value = $this->readAttribute($dn, $attribute);
|
||||
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Setting '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
|
||||
$this->connection->ldapUuidAttribute = $attribute;
|
||||
return true;
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), \OCP\Util::DEBUG);
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true),
|
||||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
return false;
|
||||
|
@ -888,7 +904,9 @@ abstract class Access {
|
|||
|
||||
public function getUUID($dn) {
|
||||
if($this->detectUuidAttribute($dn)) {
|
||||
\OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute,
|
||||
\OCP\Util::DEBUG);
|
||||
$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
|
||||
if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
|
||||
$this->detectUuidAttribute($dn, true);
|
||||
|
@ -1027,13 +1045,18 @@ abstract class Access {
|
|||
$pagedSearchOK = false;
|
||||
if($this->connection->hasPagedResultSupport && !is_null($limit)) {
|
||||
$offset = intval($offset); //can be null
|
||||
\OCP\Util::writeLog('user_ldap', 'initializing paged search for Filter'.$filter.' base '.print_r($bases, true).' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset, \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'initializing paged search for Filter'.$filter.' base '.print_r($bases, true)
|
||||
.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
|
||||
\OCP\Util::INFO);
|
||||
//get the cookie from the search for the previous search, required by LDAP
|
||||
foreach($bases as $base) {
|
||||
|
||||
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
|
||||
if(empty($cookie) && ($offset > 0)) {
|
||||
//no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?)
|
||||
// no cookie known, although the offset is not 0. Maybe cache run out. We need
|
||||
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged
|
||||
// searching was designed by MSFT?)
|
||||
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
|
||||
//a bit recursive, $offset of 0 is the exit
|
||||
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
|
||||
|
@ -1049,13 +1072,16 @@ abstract class Access {
|
|||
if($offset > 0) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO);
|
||||
}
|
||||
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie);
|
||||
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(),
|
||||
$limit, false, $cookie);
|
||||
if(!$pagedSearchOK) {
|
||||
return false;
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO);
|
||||
} else {
|
||||
\OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset, \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
|
||||
\OCP\Util::INFO);
|
||||
}
|
||||
|
||||
}
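Review bot: The DN clean-up `$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);` under the OID comment returns NULL rather than the input when `$dn` is not valid UTF-8, because of the `u` modifier, so a DN with a stray byte from the directory silently becomes `null` and flows on into comparisons and the mapping table as an empty key. Guard it with `$clean = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); if ($clean === null) { return false; } $dn = $clean;` (logging the offending DN at WARN), or drop `u` altogether since the pattern only matches an ASCII comma and whitespace and needs no multibyte semantics. The enclosing function starts above the hunk, so its callers' handling of a `false` return should be checked as well.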
|
||||
|
|
|
@ -76,7 +76,8 @@ class Connection {
|
|||
$this->configPrefix = $configPrefix;
|
||||
$this->configID = $configID;
|
||||
$this->cache = \OC_Cache::getGlobalCache();
|
||||
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
|
||||
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result')
|
||||
&& function_exists('ldap_control_paged_result_response'));
|
||||
}
|
||||
|
||||
public function __destruct() {
|
||||
|
@ -274,9 +275,36 @@ class Connection {
|
|||
* @return returns an array that maps internal variable names to database fields
|
||||
*/
|
||||
private function getConfigTranslationArray() {
|
||||
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
|
||||
static $array = array(
|
||||
'ldap_host'=>'ldapHost',
|
||||
'ldap_port'=>'ldapPort',
|
||||
'ldap_backup_host'=>'ldapBackupHost',
|
||||
'ldap_backup_port'=>'ldapBackupPort',
|
||||
'ldap_override_main_server' => 'ldapOverrideMainServer',
|
||||
'ldap_dn'=>'ldapAgentName',
|
||||
'ldap_agent_password'=>'ldapAgentPassword',
|
||||
'ldap_base'=>'ldapBase',
|
||||
'ldap_base_users'=>'ldapBaseUsers',
|
||||
'ldap_base_groups'=>'ldapBaseGroups',
|
||||
'ldap_userlist_filter'=>'ldapUserFilter',
|
||||
'ldap_login_filter'=>'ldapLoginFilter',
|
||||
'ldap_group_filter'=>'ldapGroupFilter',
|
||||
'ldap_display_name'=>'ldapUserDisplayName',
|
||||
'ldap_group_display_name'=>'ldapGroupDisplayName',
|
||||
|
||||
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
|
||||
'ldap_tls'=>'ldapTLS',
|
||||
'ldap_nocase'=>'ldapNoCase',
|
||||
'ldap_quota_def'=>'ldapQuotaDefault',
|
||||
'ldap_quota_attr'=>'ldapQuotaAttribute',
|
||||
'ldap_email_attr'=>'ldapEmailAttribute',
|
||||
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
|
||||
'ldap_cache_ttl'=>'ldapCacheTTL',
|
||||
'home_folder_naming_rule' => 'homeFolderNamingRule',
|
||||
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
|
||||
'ldap_configuration_active' => 'ldapConfigurationActive',
|
||||
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
|
||||
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch'
|
||||
);
|
||||
return $array;
|
||||
}
|
||||
|
||||
|
@ -388,7 +416,8 @@ class Connection {
|
|||
* @returns true if configuration seems OK, false otherwise
|
||||
*/
|
||||
private function validateConfiguration() {
|
||||
//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
|
||||
// first step: "soft" checks: settings that are not really
|
||||
// necessary, but advisable. If left empty, give an info message
|
||||
if(empty($this->config['ldapBaseUsers'])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
|
||||
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
|
||||
|
@ -398,11 +427,16 @@ class Connection {
|
|||
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
|
||||
}
|
||||
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'No group filter is specified, LDAP group feature will not be used.',
|
||||
\OCP\Util::INFO);
|
||||
}
|
||||
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
|
||||
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid'))
|
||||
&& (!is_null($this->configID))) {
|
||||
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
|
||||
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Illegal value for the UUID Attribute, reset to autodetect.',
|
||||
\OCP\Util::INFO);
|
||||
}
|
||||
if(empty($this->config['ldapBackupPort'])) {
|
||||
//force default
|
||||
|
@ -418,7 +452,9 @@ class Connection {
|
|||
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
|
||||
&& $this->config['ldapTLS']) {
|
||||
$this->config['ldapTLS'] = false;
|
||||
\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
|
||||
\OCP\Util::INFO);
|
||||
}
|
||||
|
||||
|
||||
|
@ -435,20 +471,28 @@ class Connection {
|
|||
}
|
||||
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|
||||
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
|
||||
\OCP\Util::WARN);
|
||||
$configurationOK = false;
|
||||
}
|
||||
//TODO: check if ldapAgentName is in DN form
|
||||
if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
|
||||
if(empty($this->config['ldapBase'])
|
||||
&& (empty($this->config['ldapBaseUsers'])
|
||||
&& empty($this->config['ldapBaseGroups']))) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
|
||||
$configurationOK = false;
|
||||
}
|
||||
if(empty($this->config['ldapUserDisplayName'])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'No user display name attribute specified, won`t connect.',
|
||||
\OCP\Util::WARN);
|
||||
$configurationOK = false;
|
||||
}
|
||||
if(empty($this->config['ldapGroupDisplayName'])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'No group display name attribute specified, won`t connect.',
|
||||
\OCP\Util::WARN);
|
||||
$configurationOK = false;
|
||||
}
|
||||
if(empty($this->config['ldapLoginFilter'])) {
|
||||
|
@ -456,7 +500,9 @@ class Connection {
|
|||
$configurationOK = false;
|
||||
}
|
||||
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Login filter does not contain %uid place holder, won`t connect.',
|
||||
\OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
|
||||
$configurationOK = false;
|
||||
}
|
||||
|
@ -520,13 +566,17 @@ class Connection {
|
|||
if(!$this->ldapConnectionRes) {
|
||||
if(!function_exists('ldap_connect')) {
|
||||
$phpLDAPinstalled = false;
|
||||
\OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
|
||||
\OCP\Util::ERROR);
|
||||
|
||||
return false;
|
||||
}
|
||||
if($this->config['turnOffCertCheck']) {
|
||||
if(putenv('LDAPTLS_REQCERT=never')) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Turned off SSL certificate validation successfully.',
|
||||
\OCP\Util::WARN);
|
||||
} else {
|
||||
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
|
||||
}
|
||||
|
@ -584,7 +634,9 @@ class Connection {
|
|||
}
|
||||
$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
||||
if(!$ldapLogin) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr),
|
||||
\OCP\Util::ERROR);
|
||||
$this->ldapConnectionRes = null;
|
||||
return false;
|
||||
}
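Review bot: `putenv('LDAPTLS_REQCERT=never')` in the `turnOffCertCheck` branch disables certificate validation for the whole PHP process, not for this connection: libldap reads the variable when it initialises its TLS context, and under php-fpm or mod_php the environment persists across requests, so every other LDAP server configuration handled by the same worker silently loses validation too and cannot re-enable it. Conversely, if libldap has already been initialised earlier in the process, setting the variable now has no effect and the 'Turned off SSL certificate validation successfully.' WARN line is misleading. Add a comment next to the `putenv` spelling this out, e.g. `// NOTE: process-wide and sticky under FPM/mod_php; affects every LDAP connection this worker makes from now on`, and consider including the host in the log line so an operator can tell which configuration asked for it. The enclosing method starts above and ends below the hunk.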
|
||||
|
|
|
@ -42,7 +42,9 @@ class Jobs {
|
|||
$actualGroups = self::getGroupBE()->getGroups();
|
||||
|
||||
if(empty($actualGroups) && empty($knownGroups)) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.',
|
||||
\OCP\Util::INFO);
|
||||
\OCP\Config::setAppValue('user_ldap', 'bgjUpdateGroupsLastRun', time());
|
||||
return;
|
||||
}
|
||||
|
@ -75,19 +77,25 @@ class Jobs {
|
|||
$hasChanged = false;
|
||||
foreach(array_diff($knownUsers, $actualUsers) as $removedUser) {
|
||||
\OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group));
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".',
|
||||
\OCP\Util::INFO);
|
||||
$hasChanged = true;
|
||||
}
|
||||
foreach(array_diff($actualUsers, $knownUsers) as $addedUser) {
|
||||
\OCP\Util::emitHook('OC_User', 'post_addFromGroup', array('uid' => $addedUser, 'gid' => $group));
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".',
|
||||
\OCP\Util::INFO);
|
||||
$hasChanged = true;
|
||||
}
|
||||
if($hasChanged) {
|
||||
$query->execute(array(serialize($actualUsers), $group));
|
||||
}
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with known Groups.', \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – FINISHED dealing with known Groups.',
|
||||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
static private function handleCreatedGroups($createdGroups) {
|
||||
|
@ -98,11 +106,15 @@ class Jobs {
|
|||
VALUES (?, ?)
|
||||
');
|
||||
foreach($createdGroups as $createdGroup) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – new group "'.$createdGroup.'" found.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – new group "'.$createdGroup.'" found.',
|
||||
\OCP\Util::INFO);
|
||||
$users = serialize(self::getGroupBE()->usersInGroup($createdGroup));
|
||||
$query->execute(array($createdGroup, $users));
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with created Groups.', \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – FINISHED dealing with created Groups.',
|
||||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
static private function handleRemovedGroups($removedGroups) {
|
||||
|
@ -113,10 +125,14 @@ class Jobs {
|
|||
WHERE `owncloudname` = ?
|
||||
');
|
||||
foreach($removedGroups as $removedGroup) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.', \OCP\Util::INFO);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.',
|
||||
\OCP\Util::INFO);
|
||||
$query->execute(array($removedGroup));
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with removed groups.', \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'bgJ "updateGroups" – FINISHED dealing with removed groups.',
|
||||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
static private function getConnector() {
|
||||
|
@ -154,4 +170,4 @@ class Jobs {
|
|||
|
||||
return self::$groupsFromDB;
|
||||
}
|
||||
}
|
||||
}
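Review bot: The hook name `'post_addFromGroup'` in the added-users loop looks like a typo: its counterpart two loops up is `'post_removeFromGroup'`, and the natural pairing is `post_addToGroup`, so listeners for group additions presumably never fire from this job. Unless some consumer really registers `post_addFromGroup`, change the line to `\OCP\Util::emitHook('OC_User', 'post_addToGroup', array('uid' => $addedUser, 'gid' => $group));`. The enclosing method starts above the hunk, so I cannot see whether a comment explains the name.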
|
||||
|
|
|
@ -12,19 +12,43 @@
|
|||
}
|
||||
?>
|
||||
<fieldset id="ldapSettings-1">
|
||||
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
|
||||
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label>
|
||||
<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
|
||||
<?php echo $_['serverConfigurationOptions']; ?>
|
||||
<option value="NEW"><?php echo $l->t('Add Server Configuration');?></option>
|
||||
</select>
|
||||
<button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button>
|
||||
<button id="ldap_action_delete_configuration"
|
||||
name="ldap_action_delete_configuration">Delete Configuration</button>
|
||||
</p>
|
||||
<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
|
||||
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
|
||||
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
|
||||
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
|
||||
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
|
||||
<p><label for="ldap_host"><?php echo $l->t('Host');?></label>
|
||||
<input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>"
|
||||
title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
|
||||
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label>
|
||||
<textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>"
|
||||
title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>"
|
||||
data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
|
||||
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label>
|
||||
<input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>"
|
||||
title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label>
|
||||
<input type="password" id="ldap_agent_password" name="ldap_agent_password"
|
||||
data-default="<?php echo $_['ldap_agent_password_default']; ?>"
|
||||
title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label>
|
||||
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
|
||||
data-default="<?php echo $_['ldap_login_filter_default']; ?>"
|
||||
title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" />
|
||||
<br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
|
||||
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label>
|
||||
<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
|
||||
data-default="<?php echo $_['ldap_userlist_filter_default']; ?>"
|
||||
title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" />
|
||||
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
|
||||
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label>
|
||||
<input type="text" id="ldap_group_filter" name="ldap_group_filter"
|
||||
data-default="<?php echo $_['ldap_group_filter_default']; ?>"
|
||||
title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" />
|
||||
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
|
||||
</fieldset>
|
||||
<fieldset id="ldapSettings-2">
|
||||
<div id="ldapAdvancedAccordion">
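Review bot: The agent password is echoed into the page at `data-default="<?php echo $_['ldap_agent_password_default']; ?>"` on the password field, so if that value carries the stored bind password rather than an empty placeholder, the LDAP service credential ends up in the admin page's HTML source, the browser cache and any proxy log. Prefer emitting an empty default and writing the password back only when the field is non-empty on save. Every `echo $_[...]` in the hunk is also unescaped; that is only safe if the values were sanitised at assign time, so any that are assigned with sanitising switched off need `htmlspecialchars()` here. Minor: 'Delete Configuration' on the button is the one label in the hunk not wrapped in `$l->t()`.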
|
||||
|
|
|
@ -112,7 +112,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
|||
return $ldap_users;
|
||||
}
|
||||
|
||||
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
|
||||
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
|
||||
// error. With a limit of 0, we get 0 results. So we pass null.
|
||||
if($limit <= 0) {
|
||||
$limit = null;
|
||||
}
|
||||
|
@ -121,9 +122,12 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
|||
$this->getFilterPartForUserSearch($search)
|
||||
));
|
||||
|
||||
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
|
||||
\OCP\Util::DEBUG);
|
||||
//do the search and translate results to owncloud names
|
||||
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'), $limit, $offset);
|
||||
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'),
|
||||
$limit, $offset);
|
||||
$ldap_users = $this->ownCloudUserNames($ldap_users);
|
||||
\OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG);
|
||||
|
||||
|
@ -189,11 +193,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
|||
//check for / at the beginning or pattern c:\ resp. c:/
|
||||
if(
|
||||
'/' == $path[0]
|
||||
|| (3 < strlen($path) && ctype_alpha($path[0]) && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
|
||||
|| (3 < strlen($path) && ctype_alpha($path[0])
|
||||
&& $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
|
||||
) {
|
||||
$homedir = $path;
|
||||
} else {
|
||||
$homedir = \OCP\Config::getSystemValue('datadirectory', \OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
|
||||
$homedir = \OCP\Config::getSystemValue('datadirectory',
|
||||
\OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
|
||||
}
|
||||
$this->connection->writeToCache($cacheKey, $homedir);
|
||||
return $homedir;
|
||||
|
@ -270,4 +276,4 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
|||
public function hasUserListings() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
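Review bot: In the home-directory hunk the relative branch builds `$homedir` as `datadirectory . '/' . $homedir[0]`, where `$homedir[0]` is an attribute value read from LDAP, and nothing visible rejects `..` segments or embedded slashes, so an attribute such as `../../other` would place a user's home outside the data directory; the absolute branch likewise accepts any `/`- or drive-letter-prefixed path verbatim. Unless the value is validated above the hunk, add a check before the cache write, e.g. `if (strpos($homedir[0], '..') !== false || strpbrk($homedir[0], '/\\') !== false) { \OCP\Util::writeLog('user_ldap', 'Refusing home folder '.$homedir[0], \OCP\Util::WARN); return false; }`, and decide explicitly whether absolute paths supplied by the directory should be honoured at all. The enclosing method starts above the hunk.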
|
||||
|
|